[CERT-daily] Tageszusammenfassung - 11.06.2021
Daily end-of-shift report
team at cert.at
Fri Jun 11 18:21:04 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 10-06-2021 18:00 − Freitag 11-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Keeping an Eye on Dangerous Python Modules, (Fri, Jun 11th) ∗∗∗
---------------------------------------------
With Python getting more and more popular, especially on Microsoft Operating systems, it's common to find malicious Python scripts today.
---------------------------------------------
https://isc.sans.edu/diary/rss/27514
∗∗∗ SQL Injection: Gezielte Maßnahmen statt Block Lists ∗∗∗
---------------------------------------------
Bei Schwachstellen im Web nimmt SQL Injection nach wie vor eine führende Rolle ein, dabei ist die Abwehr gar nicht schwer.
---------------------------------------------
https://heise.de/-6067640
∗∗∗ Why hackers don’t fly coach ∗∗∗
---------------------------------------------
Physical security is relied on too heavily for cabin-based systems on the Airline Information Services Domain (AISD).
---------------------------------------------
https://www.pentestpartners.com/security-blog/why-hackers-dont-fly-coach/
∗∗∗ Unbefugter Zugriff auf Ihr PayPal-Konto? Ignorieren Sie diese E-Mail! ∗∗∗
---------------------------------------------
Aktuell versenden Kriminelle eine Phishing-Mail im Namen von PayPal. Angeblich gäbe es ungewöhnliche Aktivitäten auf Ihrem PayPal-Konto. Daher müssten Sie sich einloggen und Ihre Identität bestätigen. Gehen Sie nicht auf die Forderungen ein. Kriminelle versuchen Zugang zu Ihrem PayPal-Konto zu bekommen.
---------------------------------------------
https://www.watchlist-internet.at/news/unbefugter-zugriff-auf-ihr-paypal-konto-ignorieren-sie-diese-e-mail/
∗∗∗ Proxy Windows Tooling via SOCKS ∗∗∗
---------------------------------------------
Leveraging SOCKS to proxy tools from a Windows attacker machine through a compromised host is a topic that contains some nuance and room for confusion.
---------------------------------------------
https://posts.specterops.io/proxy-windows-tooling-via-socks-c1af66daeef3
∗∗∗ BackdoorDiplomacy: Upgrading from Quarian to Turian ∗∗∗
---------------------------------------------
ESET researchers discover a new campaign that evolved from the Quarian backdoor.
---------------------------------------------
https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
∗∗∗ Breaking SSL Locks: App Developers Behaving Badly ∗∗∗
---------------------------------------------
Symantec analyzed five years’ worth of Android and iOS apps to see how many are sending data securely.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-apps-ssl-locks
∗∗∗ Authorities seize SlilPP, a marketplace for stolen login credentials ∗∗∗
---------------------------------------------
The US Department of Justice announced today it seized the servers and domains of SlilPP, a well-known online marketplace where criminal groups assembled to trade stolen login credentials.
---------------------------------------------
https://therecord.media/authorities-seize-slilpp-a-marketplace-for-stolen-login-credentials/
=====================
= Vulnerabilities =
=====================
∗∗∗ Hackers can exploit bugs in Samsung pre-installed apps to spy on users ∗∗∗
---------------------------------------------
Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-can-exploit-bugs-in-samsung-pre-installed-apps-to-spy-on-users/
∗∗∗ Qnap sichert Switches und Netzwerkspeicher vor unberechtigten Zugriffen ab ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für verschiedene Netzwerkgeräte von Qnap.
---------------------------------------------
https://heise.de/-6068667
∗∗∗ Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug (GitHub blog) ∗∗∗
---------------------------------------------
On the GitHub blog, Kevin Backhouse writes about a privilege escalation vulnerability in polkit, which enables an unprivileged local user to get a root shell on the system. CVE-2021-3560 is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request.
---------------------------------------------
https://lwn.net/Articles/859064/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libwebp), Fedora (firefox, lasso, mod_auth_openidc, nginx, redis, and squid), Oracle (.NET 5.0, container-tools:2.0, dhcp, gupnp, hivex, kernel, krb5, libwebp, nginx:1.16, postgresql:10, and postgresql:9.6), SUSE (containerd, docker, runc, csync2, and salt), and Ubuntu (libimage-exiftool-perl, libwebp, and rpcbind).
---------------------------------------------
https://lwn.net/Articles/859192/
∗∗∗ WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN70566757/
∗∗∗ Sonicwall SRA 4600 Targeted By an Old Vulnerability, (Fri, Jun 11th) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/27518
∗∗∗ ZDI-21-682: (0Day) D-Link DAP-1330 HNAP Cookie Header Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-682/
∗∗∗ ZDI-21-681: (0Day) D-Link DAP-1330 lighttpd http_parse_request Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-681/
∗∗∗ ZDI-21-680: (0Day) D-Link DAP-1330 lighttpd get_soap_action Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-680/
∗∗∗ ZDI-21-679: (0Day) D-Link DAP-1330 HNAP checkValidRequest Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-679/
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability (CVE-2021-29754) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-privilege-escalation-vulnerability-cve-2021-29754/
∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects TPF Toolkit ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-tpf-toolkit/
∗∗∗ Security Bulletin: IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to cacheable SSL Pages (CVE-2021-20396) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-app-for-ibm-qradar-siem-is-vulnerable-to-cacheable-ssl-pages-cve-2021-20396/
∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0652
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list